//package com.sloan.community.config;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authorization.AuthorizationDecision;
//import org.springframework.security.authorization.ReactiveAuthorizationManager;
//import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
//import org.springframework.security.config.web.server.ServerHttpSecurity;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.web.server.SecurityWebFilterChain;
//import org.springframework.security.web.server.authorization.AuthorizationContext;
//import reactor.core.publisher.Mono;
//
//@Configuration
//@EnableWebFluxSecurity
//public class SecurityConfig {
//
//    @Bean
//    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
//                http
//                .authorizeExchange(exchange -> {
//                    exchange
//                            .anyExchange()
//                            .permitAll();
//                })
////                .exceptionHandling(exchange -> {
////                    // 发生错误重定向到对应controller TODO 等待以后完善
////                    exchange.authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint("/error.html"));
////                })
//                .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
//                .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable) //TODO 没啥用这个，很奇怪
//                .csrf(ServerHttpSecurity.CsrfSpec::disable); // https://zhuanlan.zhihu.com/p/366715378 TODO XSS待看
//        return http.build();
//    }
//
//}
